private function enforceOwnerSecurity(Email $email) { $user = $this->getUser(); if ($user != $email->getOwner()) { throw new AccessDeniedException('You are not the owner!'); } }